Skip to content

fix: Update 'bytes' dependency for vulnerability fix#94

Closed
Kissaki wants to merge 1 commit into
kotauskas:mainfrom
Kissaki:misc/bytes
Closed

fix: Update 'bytes' dependency for vulnerability fix#94
Kissaki wants to merge 1 commit into
kotauskas:mainfrom
Kissaki:misc/bytes

Conversation

@Kissaki
Copy link
Copy Markdown

@Kissaki Kissaki commented Apr 18, 2026
edited
Loading

1.11.0 -> 1.11.1

cargo audit output:

cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 1049 security advisories (from C:\cache\cargo\advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (65 crate dependencies)
Crate:     bytes
Version:   1.11.0
Title:     Integer overflow in `BytesMut::reserve`
Date:      2026-02-03
ID:        RUSTSEC-2026-0007
URL:       https://github.com/advisories/GHSA-434x-w66g-qw3r
Solution:  Upgrade to >=1.11.1
Dependency tree:
bytes 1.11.0
└── tokio 1.48.0
    └── interprocess 2.4.0

@Kissaki
fix: Update 'bytes' dependency for vulnerability fix
bb64b18 
1.11.0 -> 1.11.1

* https://github.com/tokio-rs/bytes/releases/tag/v1.11.1
* GHSA-434x-w66g-qw3r

`cargo audit` output:

```
cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 1049 security advisories (from C:\cache\cargo\advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (65 crate dependencies)
Crate:     bytes
Version:   1.11.0
Title:     Integer overflow in `BytesMut::reserve`
Date:      2026-02-03
ID:        RUSTSEC-2026-0007
URL:       GHSA-434x-w66g-qw3r
Solution:  Upgrade to >=1.11.1
Dependency tree:
bytes 1.11.0
└── tokio 1.48.0
    └── interprocess 2.4.0
```
@kotauskas
Copy link
Copy Markdown
Owner

kotauskas commented Apr 18, 2026

I did this in 600323e not long before you opened this PR, but hadn't pushed the changes yet.

@kotauskas kotauskas closed this Apr 18, 2026
@kotauskas kotauskas mentioned this pull request Apr 18, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Kissaki @kotauskas